# this was designed to be used in dev where there is no global proxy
# this way, we can get away with a single ip and ssl cert instead of
# one for taskotron and one for resultsdb. The url scheme also stays
# closer to stg/prod
---
- name: start httpd (provided in the apache role)
  service: name=httpd state=started

- name: ensure packages required for proxying are installed (yum)
  package: name={{ item }} state=present enablerepo={{ extra_enablerepos }}
  with_items:
    - libsemanage-python
  when: ansible_distribution_major_version|int < 22

- name: ensure packages required for proxying are installed (dnf)
  dnf: name={{ item }} state=present enablerepo={{ extra_enablerepos }}
  with_items:
    - libsemanage-python
  when: ansible_distribution_major_version|int > 21 and ansible_cmdline.ostree is not defined

- name: allow httpd tcp connections with selinux
  seboolean: name=httpd_can_network_connect state=true persistent=yes

- name: copy resultsdb proxy httpd config
  template: src=resultsdb.conf.j2 dest=/etc/httpd/conf.d/resultsdb.conf owner=root group=root
  notify:
    - reload httpd

- name: copy execdb proxy httpd config
  template: src=execdb.conf.j2 dest=/etc/httpd/conf.d/execdb.conf owner=root group=root
  notify:
    - reload httpd
